Security, Expert (JNCIE-SEC)

Security Infrastructure

In a network that comprises multiple sites and security devices, a successful candidate will:

• Deploy, manage, and troubleshoot chassis clustering while ensuring that specific behavior is achieved in regard to redundancy groups and priorities.
• Deploy, modify, and troubleshoot a variety of IPsec tunnels between sites while ensuring specific criteria is being accomplished.
• Create, modify, and validate security zones on security devices across multiple sites. 
• Implement and use a variety of methods for allowing incoming local host and protocol traffic.
• Create, modify, and validate security policies to properly handle a variety of traffic requirements and restrictions. The candidate will use policies to ensure proper communication between internal and external devices and resources.
• Implement a variety of Network Address Translation (NAT) solutions to ensure proper communication between networks, which might include one-to-one mapping, overlapping addresses, and Internet connectivity.
• Implement a variety of system services, which might include Network Time Protocol (NTP), SSH, and HTTPS.
• Create and use custom security policy applications to control traffic flows between specific resources in the network.

Security Management

In a network comprised of multiple sites and security devices, a successful candidate will:

• Use various methods including packet captures, security logs, and session tables to identify malicious attacks and attack patterns. The candidate will implement screens throughout the network to prevent these attacks.
• Use Security Director to manage, monitor, and run reports for the branch security devices.
• Create a custom syslog file using the specified format to monitor various security attacks.

Advanced Security

In a network comprised of multiple sites and security devices, a successful candidate will:

• Use AppTrack to track and log usage and statistic information to a particular file while using the specified format.
• Use advanced policy-based routing (APBR) to identify specific traffic and make appropriate changes to routing decisions.
• Use the Junos CLI to download, install, and use the IDP signature database and predefined policy templates. The candidate will modify intrusion detection and prevention (IDP) templates to accomplish required behavior based on task requirements.
• Implement public key infrastructure (PKI) with Secure Sockets Layer (SSL) forward proxy to allow the inspection of specific encrypted traffic. The candidate will implement a solution to exclude certain traffic from being decrypted by SSL forward proxy.
• Enroll and monitor devices with Juniper Advanced Threat Prevention Cloud (Juniper ATP Cloud). 
• Use Juniper ATP Cloud to inspect certain traffic for malware threats and carry out a specified action if found.
• Use Security Director to block communication to certain geographical locations.